U.s. Vulnerable To Threat Of Cyberterrorism

Experts Urge Prompt Action For Real Problem

December 27, 1998|By Vincent J. Schodolski, Tribune Staff Writer.

LOS ANGELES — Mention terrorism and images of a bombed out World Trade Center and a nerve-gas filled Tokyo subway come to mind, but there is another realm where terrorists can strike that is much harder to defend than brick and mortar.

That's the realm of cyberspace.

Increasingly, government officials, business leaders and academics are turning their attention to the vulnerability of the nation's infrastructure to attacks by determined cyberterrorists who could disrupt a panoply of things ranging from electricity and water supplies to railroad and air-traffic controls, even the automatic teller machine at the corner.

Experts warn that the growing interconnection between vital information systems linked through national and international telecommunication switches has left the U.S. open to anyone with a computer, access to the Internet and a modicum of computer sophistication.

"There is no way to totally protect a computer system that is networked to another system," said Mary Culnan, a professor at Georgetown University and a former member of a White House commission that studied the nation's infrastructure.

That study, completed a year ago, found the U.S. was extremely vulnerable to such a cyberassault and urged quick action to deal with the problem.

"We offer these recommendations with a sense of urgency," the report said. "While we do not believe a debilitating attack is imminent, the threats to our nation and the vulnerability of our infrastructures are real. And the time to act is now."

Perhaps the most chilling conclusion reached by experts is the ease with which systems could be compromised.

Using a PC and a phone line, a skilled person could shut off electricity to whole regions of the country or cripple police and fire service by disabling 911 service. According to the commission's report, an estimated 17 million people in the U.S. have the skills to carry out such attacks.

"The public switched network carries 90 percent of communications for systems like railroads, financial data, electricity, natural gas and the telephone service," said Terry Hawkins, director of the Nonproliferation and International Security division of the Los Alamos National Laboratory.

That New Mexico lab is one of the primary centers where research is being conducted into ways to "harden" the U.S. infrastructure to protect it from tampering by people who either have political motives or who are determined to crack into computer systems for the perverse satisfaction it might provide.

The simplest example of cyberterrorism that experts suggested was the flooding of a computer system with thousands of e-mail messages sent simultaneously. Such a deluge could cause critical systems to slow or crash.

Open up your favorite Web browser, type in a few key words, and within minutes you can locate and download a small program that gives you all the tools you need to send a mass e-mailing to a specific computer. If this happened to be one that coordinated some vital service, the system could be brought to a standstill.

Hawkins offered an example of how an enemy might use a cyberattack to cause disruption during a war.

Drawing a scenario of an outbreak of hostilities on the Korean Peninsula, Hawkins said an enemy could penetrate a railroad switching system and disrupt vital shipments.

"Suppose someone is assembling railroad cars in Chicago," he said. "These days that is done by computer. Someone in Tallahassee can be doing that by moving icons around on a screen."

In Hawkins' scenario, cars of ammunition had to be shipped to Oakland, where they would be loaded on a ship bound for the Far East.

In the same yard at the same time, there were cars of wood chips bound for a paper mill in Wisconsin.

"All they (the terrorists) would have to do is ship the wood chips to Oakland and the ammunition to Wisconsin," Hawkins said.

Other examples offered by Hawkins, other experts and the commission's report showed how things could be disrupted.

Airplanes could be rerouted to collision courses, oil shipments could be disrupted, gas supplies cut off and government records (some of them stored only in electronic form now) destroyed.

"That it (a cyberattack) will happen eventually is certain," Culnan said. "We don't know where or when, but it will happen."

"The most prudent approach is to admit that you will be hacked," said Hawkins, suggesting that the best way to protect the infrastructure is to make it much harder to penetrate.

Scientists at Los Alamos are looking into innovative methods of encryption as one way of protecting vital information systems.

Among the methods is quantum encryption that uses the laws of physics to transmit the codes needed to read the encrypted data.

Using a bombardment of protons that are of two different polarities to represent the 1 and 0 of the binary system of computing, quantum encryption makes it virtually impossible for the key to the code to be intercepted by an interloper.

The Los Alamos lab also is studying the way human cells adapt to protect themselves from attacking viruses to try to come up with "mutating firewalls" that would make cracking into a computer system infinitely complicated.

While such protections remain in the research stage, the threat of cyberterrorism remains real, and the failure of government and business leaders to seek solutions to the problem of protecting the nation's infrastructure worries some of those involved in the process.

Culnan says little has been done to follow up on the commission's recommendations, in part because leaders in diverse sectors of the government and the private economy can't agree on an approach that satisfies disparate concerns about privacy, security and the cost of fixing the problems.

"Until something happens or until there is a problem for my (some individual) company, no one is going to take this seriously," Culnan said.